Back to plugin

Security audit

WebStack

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent Bright Data web-data plugin, but it can bypass anti-bot protections, automate websites through residential proxies, and change your Bright Data account setup.

Use this plugin only if you deliberately want Bright Data-powered scraping and browser automation. Before installing, consider legal/terms-of-service limits, use the least-privileged Bright Data token available, watch for automatic zone creation and costs, and require manual confirmation before the agent clicks, types, submits forms, or accesses sensitive sites.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution, suspicious.exposed_secret_literal

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
src/brightdata-browser-tools.ts:101
Evidence
$eval(selector: string, fn: (element: Element) => unknown): Promise<unknown>;

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/brightdata-browser-tools.ts:444
Evidence
const apiToken = [REDACTED](params.pluginConfig);

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/brightdata-client.ts:329
Evidence
const apiToken = [REDACTED](params.pluginConfig);